KuppingerCole Webinar recording
Good afternoon, ladies and gentlemen, welcome to our KuppingerCole webinar, "Preparing your enterprise for the generation Y: BYOD and mobile device management". My name's Martin Kuppinger, I'm founder and principal analyst at KuppingerCole. And you can reach me at mk@ko.com.
So before we start, general information: as an analyst company, we're providing enterprise IT research, advisory, decision support, networking for IT professionals through our research services, where we provide reports and a lot of other information, through our advisory services, where we support directly in developing strategies and reviewing concepts and other types of projects, and through our events. Our main event, European Identity and Cloud Conference, takes place next time May 14th to 17th, 2013 in Munich. You can start booking now. We have an interesting number of bookings already.
There's a very interesting early grade currently. So you shouldn't miss to attend this conference and you shouldn't miss to book now for this conference. It's the conference on thought leadership and best practices in digital ID, cloud, and GRC. Regarding the webinar, some guidelines: you are muted centrally, so you don't have to mute or unmute yourself. We control these features. We will record the webinar and the podcast will be available tomorrow. Questions and answers will be at the end, but you can ask questions using the questions tool in GoToWebinar at any time.
Usually I will pick them up at the end. In some cases, I might pick them up during the webinar. There's a tool at the right side in this GoToWebinar control panel called questions where you can enter questions. As I've said, at any time. There's also the opportunity to earn CPE, continuing professional education credits, CPE credits. There are some learning objectives, oops, obviously I've copied this slide from another one. The learning objectives, this time you'll find at the website for this webinar. They're identified there.
It's about bring your own device, understanding what you do and how to mitigate risks and all this type of things. Just have a look at the site where you registered for this event. Anyhow, it qualifies for one group internet-based CPE. You need to take and pass a test if you want to obtain this group internet-based CPE. Following the webinar, when your attendance has been confirmed, you will be sent an email containing a link to the test. So that's pretty easy. If you want to do it, you have to listen to the webinar, you have to attend, and you have to pass the test, which then will be done online.
And as I've said, learning objectives are found at a website. They well, so let's directly start.
And, and when we talk about bring your own device and all the related topics, which go in fact beyond bring your own device, then I think the first part is why, why do we really need to talk about this, why did this become so important? And when we look at what currently is happening in IT, we see three fundamental changes, something my colleague Craig, and I like this term, recently called the computing troika. So three things that really are affecting and pushing what we are doing in IT, which are cloud computing, mobile computing, and social computing.
And these changes are so fundamental that we need to do a lot of things different than before. So mobile computing leads to massive new devices where users want to use these new devices. So we have to deal with other types of devices. Frequently employers have these devices for the organization acquires. So for the organization, procures them and device them. So there's a demand for using these two. I stare some other things there. And overall this leads to consumerization, deperimeterization of IT. Consumerization means we have to deal with many more types of identities.
It's also a lot of things more driven by the consumer than classical enterprise-internal IT. Deperimeterization just says, you know, we don't have this perimeter anymore. We don't have the situation where we say, that's our internal network, that's the rest of the world. We're using our notebooks or smartphones or iPads or other tablets or whatever in external networks. We access the corporate resources using them. We have so many ways to use it. And the perimeter sort of, you could say easily, it doesn't exist anymore, or we have a mass of perimeters.
So sort of a perimeter across all the devices, maybe a perimeter around a data center, but it's not the one perimeter anymore. That means we have to change the way we are doing IT.
And, and one of these areas where this really pops up is around bring your own device. And then we have the other thing and, and frequently they're called generation Y or digital natives. And this also affects corporate IT.
However, I think we, we shouldn't focus too much on these, on these generations things. So when we talk about generation Y, these are sort of the millennials, the ones born after 90, 80, and grown up with digital devices. So the ones who really started working from, from their, their early days with, with IT devices. Digital natives are sort of the same, with some more emphasis on the digital aspect. Maybe today we have even a generation Z or something.
So if you look at the, the younger ones, they, in some cases probably are more aware of, of, of risk and, and, and aspects they have to, to keep in mind when, when working with IT, than maybe a generation in between, which was sometimes also not only digital native, but also digital naive. So without the t. And I think on the other hand, a lot of things are also proven by, by older people. So why does it change corporate IT? So they are grown devices.
Unlike me, when I go back, I, I had my, I bought my first PC, I think in, yeah, the year after IBM, I think in 1986, the year after IBM released the IBM PC, they are used to using devices in everyday life. And they expect frequently to use devices of their choice in business life, more than any generation before. And I think that's really the most important point, and not only these, but also a lot of other people, also older ones, are expecting to be able to use the devices of their choice in business life more and more. So, but as I said, bring device suddenly by the young ones.
So in many cases, managers are the first ones pushing. And then there are some other groups like, like I would, would call maybe the, the micro Analyst, which say, okay, you know, I don't want to use this corporate device with Windows. I want to use my Mac, a not uncommon scenario. I want to use a Linux device, which is also about, I want to bring my own thing here. I want to use my own thing. I don't want to do with corporate ID it demand. So these are changes and, and overall it leads to a situation where we have to deal with bring your own device.
However, and I think it's a very important aspect. When we talk about bring your own device, it's not only about smartphones and not only about smartphones and tablets. These are sort of the most prominent things we are currently seeing and discussing.
But, and, and unfortunately, these are also the things where bring your own device technology vendors, so which claim to support all your problems you might have around bring your own device, focus on. However, bring your own device is a much bigger topic. There are smartphones, there are tablets, but there are also the notebooks of employees. In some cases that might be notebooks which are their own notebooks, or which are actually at least partially privately used.
You have, on the other hand, the notebooks, devices of externals, which are accessing the corporate network. So if you look at this, I think that's a very important point. You have a lot of externals in many cases, which are accessing the corporate network with their notebooks. Think even about auditors, which are doing this frequently. So that's another part of bring your own device, because it's a non-corporate-owned device which is used in the context of your corporate IT environment.
There are the PCs in the home office, which are sometimes private, sometimes corporate-owned but privately enabled, PCs in public locations, the internet cafe, the PC in the hotel lobby, whatever, and all the other upcoming devices, which we maybe are not even aware of. So who of us knows what will be the device of choice in two or three or four years from now? And so the spectrum of devices is much bigger than the previous first glance.
And when we talk about this entire issue of bring your own device and all the other terms we have there, which is not only bring your own device, but there are some other things, then we end up with a situation where it's about a much bigger topic than just controlling smartphones and iPads. It's bigger. And I think it's very important to understand when we talk about this, and it also shows that bring your own device didn't start recently. It's an older topic.
However, it's becoming increasingly critical and poor because the number of devices is increasing. So when we look at the spectrum, then we can use, for example, this matrix, which says, okay, we have key personally owned versus corporate owned devices. So we have the ones with sort of zero control and full control.
So corporate owned means it's a corporate device, which could be TD to corporate owned devices or COPE, corporate owned personally enabled, which is co it could be to bring your own device things which are not owned by the corporation, which might be paid by the corporation actually, fully paid or fully owned by the employee. There is also a broad range of things we find there.
And then there's the level of control, which says we have full control, which is sort of limited bring your own device or the corporate device, or we have zero control, which might be something which is corporate owned, but not controlled, so use it however you want, or a full bring your own device thing, where someone uses a device. Sort of the higher you move up, and that might be even a bigger rectangle here, but the higher you move in this picture, you are in sort of a gray area of unru risk.
And I think that's a very important thing when we go back to corporate device, oh, we have also a lot of risks and we have a lot of things to deal with, but in that area up there, we are sort in a gray area of unable risk where we really have to be extremely important. We have to be important. Any area.
In fact, I just made another matrix there, which compares the risks versus felt benefits. And it's very obvious. There's a price to pay and it might be a line. So it might be a straight line. It might be sort of a curve, doesn't matter. Really the overall tendency is clear and it's definitely true, which says flexibility and user demand. So flexibility of use, how a user can deal with that device, and the demand of users saying, I want to use it very flexibly. I want to with, I want to use the apps I want, I want to use the applications I want, what, whatever you have here.
And on the other hand, the liability and other types of legal risk, the information security risks, then it's simply Cod is internal, less flexible, but more secure, the less human bring your own device, the higher the risk, the higher, potentially at least, the felt benefit. If it's a real benefit, that's another question. I think it's the question we should look at very, very carefully, but it's, that's the situation there. And then we have something in between, which is to coing or the managed bring your own device.
So it's sort of a continuum, and we need to be aware that this is a very interesting situation. We are paying a price for bring your own device. Is there a chance to avoid bring your own device? If I'm realistic, I would say no. In most cases, not at least bring your own device in.
Also, if you look at all the types of devices, then it's sort of a fact, and it's a fact since PCs appeared, at least when we look at all the devices, all types of devices, not only the smartphone. We might say, okay, this type of smartphone or these things are not allowed, with all the discussions we have around this, but completely, so it, it's pretty difficult. But as I've said before, the game has changed over the course of the last few years. There is sort of not only a growing number, but sort of an explosion of devices.
Everyone owns. My colleague Craig recently, I think today in his blog, again published some numbers about the, the number of devices out there, and that also affects the bring your own device thing. So what it is about is about controlling what can be done based on these devices, for trying to prohibit bring your own device is in most cases more what, what I would call the approach on bring your own device. So it's fighting the winds, a very, very tough thing to do. For sure, you might ask, and I think these are very, very valid questions, for sure, you might ask some questions.
So one question is why should someone want to take the liability risk when connecting his device to corporate network, think about infecting the corporate network with the virus. Then you have an issue. There are other risks there. So from the perspective of the individual, you have to look at this on the other end, why shouldn't an enterprise want to take the legal risk of bring your own device and these legal risks are they depend on, on the, the country you are in. They depend for sure, local laws a lot, but they are there virtually everywhere. You shouldn't underestimate them.
And an enterprise really has to ask the question, why should the enterprise want to take the legal risk of bring your own device? Realistically said, and that's sort of in contrast to what I say, you probably don't have a big opportunity or big chance to avoid bring your own device, but realistically said, you should, you might say, okay, it's better and cheaper to pay all the devices my employees want, but restricted to corporate-only use.
So it might be much cheaper to say, okay, I buy everyone two or three different devices of, and the smartphone of Australia, but they are only allowed to be used in the corporate context and controlled by the organization, because bring your own device will in most cases be the most expensive way to introduce the usage of mobile devices. If you look at the legal aspects on a lot of our, since I'm not a lawyer, but I've discussed this with a lot of lawyers, so I can't give you legal advice, but it's very worth getting legal advice on this.
And you will see that there are a lot of things to cover. That's a lot of work. It's complex, it's costly, and you still have risk. And if you compare this to the cost of saying, okay, maybe it's better, I buy the devices and I accept this and I try to manage them centrally, it might be better.
You need, in any case, to create a solid legal framework before you start bring your own device, not after, if you do it. Mobile device management, virtualization, and more, especially an information-centric approach on security, are a must. And even then you still are facing bailable liability risks. Especially if I look at the EU context, there is really a situation where you say, okay, there, there are a lot of risks. You're mixing private, personal data and corporate data, and that causes a lot of issues.
So what you actually need to understand is once you open the box of the Pandora, it's at least close to being irreversible. So it's very hard to close the box of the Pandora again, and the bring your own device thing is sort of a box of, of the Pandora. So I think it's very important to understand, can I avoid it? What does it mean? If I can't avoid it, then it's about doing this right. That's a very complex thing. It needs a lot of strategy, a lot of planning. I can't cover everything around this in such a webinar, but I try to touch a lot of points which are relevant in this context.
But before we dive into these details, I also want to put it into the sort of the corporate IT context, because I think that's another, another important aspect to, to look at. So one of the things with bring your own device is also that corporate IT is sort of losing the grip on what is happening with IT. And that's frequently because corporate IT is more focused on, on things, on also prohibiting things, other aspects, instead of driving things forward.
And, and when we look at what business really wants from it, then it's not about technology. What they want is they want the services tools, they need to do their job, and they want to keep corporate information protected ly. So that's really what they're, they're looking for.
And we, in several of our publications, we, we recently described what we call the KuppingerCole IT Paradigm. It's our guideline for IT, the future of IT. We could also call it the, the future IT paradigm. So how should IT look in the future? Provided by KuppingerCole would probably be a better, better title for this thing. And what we say is what we need is to focus on business service delivery. So design services, service requests, we need to, to consume IT services or produce IT services. And we need to manage this. We need to manage the services. We need to secure services. Bring your own device.
And it's really a part of information management, information security and the entire IT governance part, which we have on the right side, of information governance and service governance. And we, we need to, to, to understand that IT has to, to, to act differently. So it's about saying, okay, if this is your wish, then we are responsible for providing the services in a secure way. But it's very important that, that you keep the grip on these things. As I've said, there are several blocks of publications around the KuppingerCole paradigm.
And again, as I've said before, then there's the computing troika, which are, which is also driving these things. So the computing troika in fact has massive influence on the scope of, of information security, when we look at this entire topic. So traditionally we have been more in this dark, dark gray area. So looking at on-premise, maybe even outsourcing and private clouds, desktop systems and notebooks, on internal users and maybe some partners. Right now, we have to look at more deployment models.
So it's the light gray area, public cloud hybrid cloud, whatever on a broad range of device types on a broad range of user populations. So, so why does this apply to bring your own device?
Again, one of the points is, and maybe I, I just go back. One of the points is we have more devices there. We have more users using these devices.
So, so even while we say from a corporate IT perspective, we don't like to use bring your own device, in some way, we always will have people accessing corporate systems, corporate information with their own devices, because we are going beyond the scope of our classical, traditional internal users. If you take a very big picture, then you always end up with, it's not only about our devices, there are always other devices out there. Information security, and that's where really become important as to cover all services, regardless of the deployment model, for all potential types of users.
Well beyond the employees, using all types of devices, and that automatically says it's also bring your own device we have to look at. So putting information security in the center allows to follow an information-centric approach for bring your own device. So the information security block in our paradigm is, is really at the center. And we should put our focus on protecting corporate information and thus fulfill the real business need. That's where we need to start. So over time, the approach should be, how can we protect information?
Because again, if you go back to this picture, we never, ever will be able to protect all devices used in all deployment models, by all types of users. It just doesn't work. That's traditional IT, but it doesn't work anymore. So in this traditional scope, it worked sort of, sort of. Right now, it doesn't. And so since we are doing our own, bring your own device, in fact, are going on, bring your own device, bring your own device is just the buzzword, you could say, which is around one aspect. The problem behind is how can we protect corporate information in the days of the computing troika.
That's what it is about by the way, by bring your own device also about providing. But business really wants to drop. They want specific devices because they feel it's easier to work, to deal with this devices. If it is intruder a fundamental difference question. So most of the things which become hype turn out to be not that efficient, some remain. So we will see tablets. We probably will see different types of te over time, but this touch paradigm probably will remain in some way or another, but other things probably will disappear.
So when we go back and look at what happened over the last 10, 15, 20 years as devices, we have seen a lot of change and this will continue. So how do we do secure bring your own device, if at all? So if you can do it, there are some standard approaches here, which I would call device-centric, application-centric, network-centric, and information-centric. Unfortunately, despite the fact that some vendors say, hey, you use this solution and you're done, or you have everything you need, the reality is all of these approaches are limited. Mobile device management, device-centric.
Will you ever be able to manage all devices, including the classical devices, including the PC and all the other things? Questionable. And all the upcoming devices, all the new ones? Look at how many of these MDM solutions do not even support maybe a Windows Phone today. For sure you could say there are not that many Windows Phones out there, but if you want to fulfill the promise of bring your own device, you need to. Application-centric, mobile application management. Yes, you can manage some apps, but what about the standard apps?
What about devices without apps, using classical software, which is classically deployed, or what about web access? It's just part of the problem which is addressed. Network-centric. So looking at network security, deciding on who is allowed to access maybe which virtual machine, which applications, with his device. What when the access bypasses these exact devices? Just think about your bring your own device access to your cloud-hosted email system. Where does it touch the, your, your network?
You can construct it in the way that you say authentication has to go through, but that's not the ideal approach. So information-centric, that would be information protection, saying maybe I, I use information rights management, enterprise rights management approaches across all devices for all information. So how mature is this? How to deal with structured data, not only unstructured data?
Again, a lot of open questions. Simply said, there is not a single approach which solves your bring your own device challenges. There's some, two other approaches. Virtualization is a very interesting thing. One area is desktop virtualization. So saying, okay, access to the corporate desktop environment is run for many devices. First of all, it doesn't work perfectly from any type of, from all types of devices. So some devices are, are pretty good in accessing a virtual machine.
Others are not, because if you don't run something which is optimized for the device, it's usually not the very best approach there. The positive thing is it's a good level of control. There's still a risk of malicious access if the device is compromised, still given that a lot of the new devices are inherently insecure. The other thing which is coming up is sort of device virtualization, in the sense of you're running a virtual mobile device environment on a mobile device.
So running iPhone, iPhone, running, Android, and on the running Windows Mobile on Android, whatever. Still in its early stages, but an interesting approach, because then you're much closer to the, the standard paradigm of using these things, the, the user, the user habits and all these things. The private environment is then sort of usually, if it's really bring your own device, then it's the private environment as the host OS, relatively insecure and uncontrolled. The corporate environment is the guest, relatively secure and controlled.
You could also do it vice versa, saying, okay, my, it's, it's a corporate owned device, but I want to privately enable it. Then you could say, okay, the corporate environment, it's either the host or, or one of the guests, and the private environment is running in another guest. So there are different ways to do this, but also here then it's really about a specific type of device. And you see, we have two types of virtualization. If you look at the real state of desktop virtualization, we also see it's a long, long way to go there.
So again, there's not the holy grail, there's not the thing which we can use to say, that's everything. Another point which comes in, and I think it's a very important thing to keep in mind, is that when we look at approaches for secure bring your own device, it's not only about technology which controls devices, which allows to remotely delete devices or whatever. It's also about understanding authentication and authorization at the backend level. Because in fact, if you say you, you are allowed to do this with this device or not, that's a very coarse-grained thing.
It's yes, no. The reality is, is more sort of shades of gray. There are a lot of different, lot of different grays you have there. So some things you're not allowed to do, some things you're allowed to do without thinking much about it. And there's a lot of, lot in between, which you might be allowed to do if you're using a device which has undergone a current health check, which has sort of an AV or sort of an encrypted storage for a mobile device, which is in a specific location and all these things.
So if you take your information risk on one hand, so how sensitive is the information, and your context information, which device, which location, which configuration, which user, whatever, put this together and base your authentication or authorization decisions on that, then you are much better able to deal with this. And I think that's really the point. So you really have to move forward to this. It's really about understanding your risk.
And I think that's really the point where you, where you end up. You need to understand your risk, the threat, the probability, the impact on the assets, the impact on the business process. There are a lot of different types of risks you have to understand, and you need to understand, you need to, to categorize risk classes, which we can do from different perspectives, which is your information risk, your systems and the impact, which are views on risk classes or the combinations of whatever you're doing there. So it's really understanding risk and dealing in the context of risks.
So we have different types of risks to commonly understand it: operational, reputational, strategic. We should keep in mind that every IT risk is only relevant because it's associated to business risks. It can be operational, it can be reputational. So if you look at all the breach notification things we have today, then that's a very common thing. It can be even strategic, if you look at some of the more severe incidents which happened recently, which really affect the business, banks on game providers, whatever.
So, and we need to understand when we look at risk that bring your own device goes beyond system risks. So we have to at least have sort of a service governance or a view on the services, systems and the information. That's the minimum. We even should put it in the context of the business process. I don't want to dive too deep into this picture, but I think there are a lot of things where we have to move forward beyond a system or even service governance towards information governance. We need to understand what information or what is the risk of information.
And to combine this with the service or system risk, to understand what really happens, and best of all, also to understand which business processes can be affected by it. So we have a lot of ideas or concepts, so standardized approaches saying, okay, we have a risk rating. We put together probability and impact. If it's a low impact, a low probability, then it's sort of green, somewhere in between it's yellow, and then it's red, and we do it for information or can do it for information, processes, services, systems.
We can rate our risk, and then we can understand what we need to do when, so that's really the point. So when you do bring your own device, it's moving from risks to policies to a bring your own device approach. We can only talk about what we need and how to do it when we understand what is behind it. So understanding the information risks and when they occur, I think that's the other part of it. Define the policies, define the controls. How do we measure it? How do we identify this? Check
the legal aspects, negotiate a contract, negotiate the, the agreements with your employees, the types of uses, and then implement the technical solutions to support policy, inform risk mitigation, and run this successfully and ensure that it's run correctly and doing all these things correctly. But it's very clear. It's about understanding risks. And then at some, some point ending up with a bring your own device approach, and bring your own device clearly doesn't mean that everyone's allowed to, to do everything. It also includes prohibiting access.
Very simply said, you can't access everything without limitations. It's about controlled access to corporate information: zero control, minimal or no access; full control, full or comprehensive access. Simply said, these things are dependent. That's where this context- and risk-based authentication and authorization comes into play, for example. So when we look at technologies, then moving a little bit forward again, there are a lot of technologies out there. As I've said, there's, it's very, very clear that there's not the single technology out there which solves all your problems.
You need to understand what to do. Also, as I said, you need to understand the legal aspects of this, and they are not trivial. And if you're a global organization, you have to understand these legal aspects for every country and region, and they might be extremely different. So some criteria here: are all types of own devices supported?
If not, what do you need in addition? So does this really solve everything or not, or do you need a lot of tools? Is there a good chance that new types of devices will be supported immediately after availability? So right now, all the people are going out with their iPhone 5 or trying to get one; many people want to have an iPhone 5, with some new iOS, which means you need to update the technology, probably. Just as an example, Windows 8 will be out not that far from now. And we will see a lot of Windows 8 devices.
So will they be supported, Windows 8 RT and Windows 8 classical, these sorts of things? Another point: does the approach really comply with legal aspects?
Again, legal, legal, legal: talk to your lawyers. Look for the lawyers who really understand this. How complex is deployment? That's the other thing. So there might be technologies which are quite good, but very hard to deploy or very hard to manage. And you shouldn't end up with too much management. You should keep it as simple as possible. What about user acceptance?
So if you say there are a lot of restrictions here, you're not allowed to use the standard mail application to access corporate mail, you have to use a special mail application which is secure, that might be the point where a user says, no, I don't want to do it. Maybe he also, on the other hand, says, oh great, because that allows me then not to access corporate mail while I'm on vacation.
Whereas when I use my mail application on the iPad with different mailboxes, I always see all the mails and I'm confronted with corporate mails even when I'm not interested in them, at least if I don't reconfigure the system. So there are different views on it. Does it mitigate at least some of the severe information security risks? An approach that doesn't really solve your problems is not worth spending money on.
And does the combination of chosen approaches mitigate all severe information security risks, which might include not allowing access to some information for specific devices from specific locations? So I think that's really a point which is very important. At the end of the day, you should have an answer for all severe risks you've identified, and you need to have your corporate policies, which are based on information risk, legal aspects, user requirements, contractual agreements, which to use and others, which are not necessarily on the employees.
There are a lot of others out there and the technical solutions, and that's what really makes up your bring your own device approach. So bring your own device.
Or, and as I said, it's much more than just an iPad or iPhone or whatever. There's no single solution out there which solves everything. And it's a balance between user X to device support and information security, and clearly you shouldn't end up with risking too much for your organization. So you need to understand information security risk first: where does it come from, which information is affected, all these things. And you also, on the other hand need to accept, there is no chance, limited breadth devices and use so easier.
You say you're only allowed to use what many companies still have sort of only allowed to use Blackberry, but the iPad or whatever pops up, then you open up the next door. And at some point of time, it's very hard to argue why not allowing this and this and this and this as well. Here's a single technology which covers all these status. Sure. You need a mix of technology.
You need, especially, not only technology. You need legal, processes, policies, all these things together with technology. So start with information security risk, and then pick the set of technologies which help you to mitigate most severe risks. And when technology doesn't help, you need to add other solutions, including blocking access. But that's a very, very quick, at the end of the day still rough, overview of what you need to do for bring your own device. I hope that it helps you a little bit in getting some ideas around this.
I also have the first questions here. It might be very, very interesting to you then to have a look at this. And so I would say, start entering first questions. I have the first ones here and I will go through the questions. Then we will try to answer all the questions you might have. So the first question is more sort of a comment. It came in a little bit before, and I think I have touched on it, but I still want to reread it and sort of emphasize it.
So the comment is: the best approach I have seen (in that case from the person commenting, by a security architect) is to categorize consumers, so the combination of user, device, application, and context like time, location, et cetera, into risk classes. That allows security policy to concentrate on the important cases while being lax, and thus less confrontational with employees, in all other cases, which are the majority.
And yes, that's right. Nevertheless, you shouldn't underestimate the consequences which might occur from a legal perspective, which might influence all employees, especially, and keep in mind, it's more Aries. This entire thing is bigger than the employees. Second question. And that's the second point, I think a very, very interesting one: what are typical questions to be asked to a lawyer? I think one of the first questions is, am I allowed to delete or whatever, a device from a user?
So that's one of the first things you have to keep in mind. In many cases, it's just that you are not really allowed to, or there are some big issues around this.
So if the user can have personal data on the device and you delete it, even while he made a fault, that might cause a situation where you are responsible and sort of liable for deleting this personal data. And when he then says, oh, I found the device again, and you deleted it sort of accidentally, that can be a liability issue. That's especially an issue in cases where maybe an employee or a close to ally might want to harm you, but it's something you have to keep in mind.
The second part is, in fact, really about what it means that you typically have personal and corporate data on the same device. And the third thing is, especially by mixed use cases, to which degree are you allowed to view things on that device? That's not only a question for a lawyer, but if you look at, for example, Germany and some other countries, it's also about understanding the, how should I call it? It's also about the trouble it's side.
So the employee organization, so the ones who are representing the employees we have to troubles in other countries, I think work to workers constantly have. I think there are some other things you have to keep in mind there. So it's interesting, especially, for example, for Germany, and I mean, for some one or two other countries, I also, if you send me an email as said, get you in contact with these lawyers who are more specialized in these things, who have very deep insight into these things. But I think it's very important to understand these aspects.
Very roughly. Any other questions? So if there are any questions, just enter them now so that I can pick them. Another question I have been asked is: is there a recording available for the webinar?
Yes, it is. It's still running for photo recording and it'll be available tomorrow. Is there anything else you want to ask? So if you have any other questions, just enter these questions and I will try to answer them. Okay. If there are no further questions, I hope that the webinar gave you some insight into these complex issues. For sure, we can provide you with much more information. That's also one of the things we're doing in research. So I will update our bring your own device reports.
And we also, for sure, do advisory services, and for sure bring your own device and all these issues will be an important topic at the upcoming European and thought conference. So thank you for your time. Thank you for listening to this KuppingerCole webinar. If you want to take the CPE test, look at the email you're receiving. And as I said, thank you and have a nice day. Bye.